Is nslookup the best there is for reverse IP address to domain name?

Is there a better Linux command than nslookup for reverse IP address to domain searches?

I only found out about "conntrack" yesterday, so I don't fully understand if there is a better way to find out all the IP addresses a household is using - but the gist of conntrack seems to be that my Ubiquiti Rocket M2 Linux rooftop WiFi transceiver (which is similar to your DSL or cable modem) reports, in its /proc/net/nf_conntrack file, an ever-changing list of destination IP addresses of the form:

dst=74.125.20.188
dst=173.208.193.106
dst=207.171.163.142
etc.

I can manually determine the domain name using any of a number of web-based lookup tools.

But with a hundred at a time, it's probably better to run a script from the linux command line to awk out the IP addresses and then run a reverse IP lookup from the mini Linux on the rooftop radio.

Googling for how to run a reverse IP lookup from the command line for Linux, the most commonly suggested is /usr/bin/nslookup, e.g.,

$ nslookup 74.125.20.188 => pe-in-f188.1e100.net
$ nslookup 173.208.193.106 => superbserver-online.us
$ nslookup 207.171.163.142 => s3-1-w.amazonaws.com
etc.

That's OK, but often it gives nothing useful.

Is there a better Linux command than nslookup for reverse IP address to domain searches?

Note: Unfortunately these commands are not available on the router:

dig +noall +answer -x 74.125.20.188
host 74.125.20.188
getent hosts 74.125.20.188
nbstat -a 74.125.20.188
ping -a 74.125.20.188

Reply to
Clément Durand

nslookup is ok, but most of the time, nslookup reports nothing.

:(

tail /proc/net/nf_conntrack|awk '{print $7}'
src=74.125.103.57
src=157.55.135.18
src=173.194.25.148
src=23.235.255.22

tail /proc/net/nf_conntrack|awk '{print $7}'|sed -e 's/src=/nslookup /'
nslookup 74.125.103.57
nslookup 157.55.135.18
nslookup 173.194.25.148
nslookup 23.235.255.22

tail /proc/net/nf_conntrack|awk '{print $7}'|sed -e 's/src=/nslookup /'>/tmp/script
chmod u+x /tmp/script
/tmp/script

The result is that all of those IP addresses come up blank with nslookup.

Is there a better Linux command line tool for reverse IP lookups?

NOTE: These are not available on the Ubiquiti Rocket M2 radio.

dig +noall +answer -x 74.125.20.188
host 74.125.20.188
getent hosts 74.125.20.188
nbstat -a 74.125.20.188

Reply to
Clément Durand

$ dig +short -x [ip address]

If the command isn't available, ssh into a VPS and do it from there. Digital Ocean will spin up a VPS for $5 a month and you can dig all day long.

Reply to
Marek Novotny

Marek Novotny wrote, on Mon, 11 Aug 2014 22:08:34 -0500:

I'm sure dig works nicely, but, as stated, it's not installed on the router operating system.

Reply to
Clément Durand

It isn't a requirement that any given IP address also has a DNS entry; it's OK for nslookup to have no answer for some IP addresses. Almost any given IP address *should* have a "whois" record, which indicates who that block of addresses is assigned to. The command-line tool whois can be used to look this up.

The simplest query is like this:

whois 74.125.103.57

which tells me that that IP address is in a block assigned to Google. If you don't have the command-line 'whois' tool on your radio, a desktop Linux distribution will. There are also many online 'whois' tools that can be used from a web browser. I don't know if Windows ships with a whois tool or not.

Microsoft.

Google again.

This is part of a big block (23.235.224.0/19) assigned to Secured Servers LLC in Tempe, Arizona. Secured Servers has in turn "sublet" some of this block (23.235.255.0/24) to MC Pro Hosting of Fort Lauderdale, FL. (See the "Found a referral..."

Matt Roberds

Reply to
mroberds

mroberds wrote, on Tue, 12 Aug 2014 03:52:57 +0000:

Hi Matt,

Thanks for suggesting "whois" and for running the tests.

I just logged into the rooftop radio to test if "whois" is there:

$ ssh 191.168.1.20 -l ubnt -p 22 (login=ubnt, ssh port=22)

BusyBox v1.11.2 (2014-02-05 18:21:05 EET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

XM.v5.5.8# whois 74.125.103.57

-sh: whois: not found

Drat. As you had surmised, "whois" isn't on the radio linux.

But, you're right. The "whois" command worked just fine on a desktop Linux, so, what I can do is somehow figure out how to "rcp" the radio /proc/net/nf_conntrack to my Linux machine.

I tried "rcp" & "ftp" but neither was found on the Radio Linux.

Do you know of a way to get the entire /proc/net/nf_conntrack over to my Linux machine?

Reply to
Clément Durand

Yes, but why not just obtain the list of IPs and run your script on your desktop? If the device is missing crucial commands you might not really have a choice here.

Reply to
Marek Novotny

If I could just get the entire /proc/net/nf_conntrack file over from the radio to the Linux desktop, that would allow all the power of the desktop Linux.

Unfortunately, neither ftp nor rcp is on the radio Linux.

Reply to
Clément Durand

Marek Novotny wrote, on Mon, 11 Aug 2014 23:26:44 -0500:

Hi Marek, That makes sense. The main stumbling block is that the nf_conntrack file can be ten thousand lines long, and cutting and pasting is problematic.

So, the problem is only *how* to get a file from the rooftop radio to the Linux desktop.

Unfortunately both rcp and ftp are not on the rooftop radio, which is a Ubiquiti Rocket M2 WiFi transceiver & antenna at 2.4GHz.

Reply to
Clément Durand

See if you have scp.

Reply to
Marek Novotny

As you got ssh to the radio, scp (which is an internal rcp-like protocol OF the sshd daemon) should be available too.

Reply to
Eef Hartman

ssh user@host_address cat /path/to/remote/file > local_file

Reply to
Jasen Betts

Marek Novotny wrote, on Mon, 11 Aug 2014 23:48:08 -0500:

I had never even heard of "scp", but, yep, it's there!

XM.v5.5.8# scp
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
           [-l limit] [-o ssh_option] [-P port] [-S program]
           [[user@]host1:]file1 [...] [[user@]host2:]file2

Reply to
Clément Durand

Eef Hartman wrote, on Tue, 12 Aug 2014 05:16:39 +0000:

Yes, it is!

XM.v5.5.8# scp
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
           [-l limit] [-o ssh_option] [-P port] [-S program]
           [[user@]host1:]file1 [...] [[user@]host2:]file2

I had tried that command, but I think my linux laptop doesn't have the SSH port 22 enabled:

XM.v5.5.8# scp nf_conntrack laptop:/tmp/foo.txt
/usr/bin/dbclient: Exited: Error resolving 'laptop' port '22'. Name or service not known
lost connection

Someone also had suggested:

$ ssh user@host_address cat /path/to/remote/file > local_file

Which, for administrator=ubnt at the rooftop radio 192.168.1.20 given the ssh port is 2200, worked perfectly as a linux desktop command!

$ ssh -p 2200 lbnt@192.168.1.20 cat /proc/net/nf_conntrack > /tmp/nf.txt

Reply to
Clément Durand

Marek Novotny wrote, on Mon, 11 Aug 2014 23:48:08 -0500:

Hi Marek,

I think my linux laptop doesn't have the SSH port 22 enabled:

XM.v5.5.8# scp nf_conntrack laptop:/tmp/foo.txt
/usr/bin/dbclient: Exited: Error resolving 'laptop' port '22'. Name or service not known
lost connection

But, luckily, this worked from the linux laptop (given the rooftop radio administrator name is "ubnt" and the IP address of the rooftop radio is 192.168.1.20 & the ssh port is 2200):

$ ssh -p 2200 lbnt@192.168.1.20 cat /proc/net/nf_conntrack > /tmp/nf.txt

The result was that I never left the Linux laptop, and the rooftop radio's nf_conntrack file was put in the laptop tmp directory.

Now the full use of Linux is available!

Reply to
Clément Durand
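
Added example, not part of the thread: once the conntrack file is on the desktop, a script along these lines lists each remote IPv4 endpoint with a connection count and a reverse lookup. The function names, the constructed sample lines written by write_sample, and the use of dig on the desktop are assumptions of this example.

```sh
#!/bin/sh
# Added example: list the remote IPv4 endpoints in a saved nf_conntrack copy.

# Print "count address", busiest first, for the first dst= token on each line
# (the original-direction destination). Matching the token rather than a fixed
# column matters: TCP entries carry a state word (ESTABLISHED, ...) that UDP
# entries lack, so the address is not always in the same awk field.
# Private, loopback, link-local, multicast and broadcast ranges are dropped.
conntrack_dsts() {
    awk '$1 == "ipv4" {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dst=/) { print substr($i, 5); break }
    }' "$1" |
    grep -Ev '^(10|127|169\.254|192\.168|172\.(1[6-9]|2[0-9]|3[01])|22[4-9]|23[0-9]|255)\.' |
    sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# Name that a reverse (PTR) query asks for: octets reversed under in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Reverse lookup on the desktop; a missing PTR record is normal, so say so.
reverse_lookup() {
    command -v dig >/dev/null 2>&1 || { echo "dig not installed"; return 0; }
    name=$(dig +short -x "$1" 2>/dev/null | head -n 1)
    echo "${name:-no PTR record; try whois $1}"
}

# Constructed sample lines in nf_conntrack layout, for trying the parser offline.
write_sample() {
    cat > "$1" <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.5 dst=74.125.20.188 sport=51234 dport=443 src=74.125.20.188 dst=192.168.1.5 sport=443 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 udp      17 29 src=192.168.1.5 dst=173.208.193.106 sport=40000 dport=53 src=173.208.193.106 dst=192.168.1.5 sport=53 dport=40000 mark=0 use=2
ipv4     2 tcp      6 100 TIME_WAIT src=192.168.1.7 dst=74.125.20.188 sport=51300 dport=443 src=74.125.20.188 dst=192.168.1.7 sport=443 dport=51300 [ASSURED] mark=0 use=2
ipv4     2 udp      17 10 src=192.168.1.7 dst=192.168.1.1 sport=5353 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.7 sport=53 dport=5353 mark=0 use=2
EOF
}

# Usage: sh conntrack_ptr.sh /tmp/nf.txt
if [ -n "${1:-}" ]; then
    conntrack_dsts "$1" | while read -r count ip; do
        printf '%5s  %-15s  %s\n' "$count" "$ip" "$(reverse_lookup "$ip")"
    done
fi
```

Deduplicating before the lookup keeps the number of DNS queries down when the file runs to thousands of lines.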

Interestingly, while the "-port" syntax worked, the "colon" syntax did not:

This worked:
$ ssh -p 2200 lbnt@192.168.1.20 cat /proc/net/nf_conntrack > /tmp/nf.txt

This failed:
$ ssh lbnt@192.168.1.20:2200 cat /proc/net/nf_conntrack > /tmp/nf.txt
ssh: Could not resolve hostname 192.168.1.20:2200: Name or service not known

Reply to
Clément Durand

Since you can ssh into the radio, scp from the desktop Linux machine might work:

$ scp -P 22 ubnt@191.168.1.20:/proc/net/nf_conntrack nf_conntrack

This should give you a copy of the radio's nf_conntrack file in the current directory on the desktop Linux box.

Otherwise, you might be able to do something like this, starting on the desktop box:

desktop$ script conntrack.txt
Script started, file is conntrack.txt
desktop$ ssh 191.168.1.20 -l ubnt -p 22
radio# cat /proc/net/nf_conntrack
[contents of file appear here]
radio# logout
desktop$ exit
Script done, file is conntrack.txt

This will put everything that came to the screen in conntrack.txt on the desktop box. It will include control characters and stuff, so you'll have to edit that out of conntrack.txt with your favorite text editor before proceeding.

Matt Roberds

Reply to
mroberds

duh. :) Thanks!

Reply to
Marek Novotny

Have you tried scp from the machine where you ssh from?

scp ubnt@191.168.1.20:/proc/net/nf_conntrack .

-- HASM

Reply to
HASM

mroberds wrote, on Tue, 12 Aug 2014 15:37:49 +0000:

Hi Matt, The scp command, from Linux, worked perfectly.

Thanks Matt, as that's a very nice command! It has a lot of funky characters in the results, but other than that, it's a really nice trick!

  1. Start the script on the Linux laptop: $ script /tmp/net.script
  2. Log into the rooftop modem (transceiver): $ ssh -p 2200 -l ubnt 192.168.1.20
  3. Spit out the file: # cat /proc/net/nf_conntrack nf_conntrack
  4. Exit out of the radio # exit
  5. Exit out of the script $ exit
  6. Strip the funky characters out of the results: $ col -b /tmp/net.script > /tmp/net.txt
Reply to
Clément Durand
